
Ask your email admin to turn off the auto responder for Norton. This virus spoofs the sender so the auto responder is not effective. You end up sending messages to people that probably are not infected, causing more confusion and more traffic.

Re: novarg

Originally posted here by Tanker135 To: S3cur|ty4ng31
I've created a rules file with your posting and am taking hits from outside my firewall. It would appear that some novarg virus traffic is originating from our mail server, however my mail administrator claims it could not happen, as he's installed Norton's protection software. He does claim that Norton automatically responds to senders of novarg that they're infected. Could the automatic response be the cause of the hits I'm seeing coming from the inside of my network?

Thanks!

Yeah, I am assuming you're spoofed. One of the things the virus does is use the email addresses stored on the computer, so it probably just used your email address at another computer and sent an email back to you. And the snort rules are designed only to see incoming traffic on port 25 if you copied them directly, so it's not like you're sending anything out.

Oh, I didn't get much feedback at all on my rules, so I am just curious if anything got past them. I haven't gotten much of the mutated versions, but so far it's detected every Novarg and every variation. I would like to know if any got by you, and if they did, could you possibly email me what did.